在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称:pjebs/Obfuscator-iOS开源软件地址:https://github.com/pjebs/Obfuscator-iOS开源编程语言:Objective-C 95.0%开源软件介绍:App Obfuscator for iOS AppsSecure your app by obfuscating all the hard-coded security-sensitive strings. Security Sensitive strings can be:
This library hard-codes typical NSStrings as C language strings by obfuscating and then encoding as hexadecimal. When your app needs the original unobfuscated NSStrings, it dynamically decodes it back. It adds an extra layer of security against prying eyes. This makes it harder for people with jail-broken iPhones from opening up your app's executable file and then looking for strings embedded in the binary that may appear 'interesting'. See generally: This library (v2+) can now be bridged over to Swift. InstallationCocoaPodspod 'Obfuscator', '~> 2.0' Create Globals.h & Globals.m filesThis is typically where you store your sensitive strings that you want available globally. File(top menu)->New->File... Create a Prefix HeaderFor XCode 6, you will need to create a
//Now you do not need to include those headers anywhere else in your project.
#import "Globals.h"
#import <Obfuscator/Obfuscator.h> UsageStep 1Let's assume you are using Parse. In order to use their backend services, they will provide you with a client key: clientKey:@"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO" Since the string is hard-coded, it will be baked into the executable binary - easily accessible to unscrupulous prying eyes. We need to encode it as a global C-String encoded in hexadecimal. Obfuscator *o = [Obfuscator newWithSalt:[AppDelegate class],[NSString class], nil]; //Use any class(es) within your app that won't stand out to a hacker
[o hexByObfuscatingString:@"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO"]; This will print out the following code in the XCode Console output ( Objective-C Code:
extern const unsigned char *key;
//Original: JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO
const unsigned char _key[] = { 0x7E, 0x23, 0x25, 0xB, 0xB, 0xF, 0x31, 0x9, 0x7B, 0x70, 0x3B, 0x7F, 0x21, 0x35, 0x9, 0x52, 0x6D, 0x21, 0x2C, 0x7F, 0xE, 0x4, 0x43, 0x52, 0x53, 0x54, 0x75, 0x4, 0x5C, 0x27, 0xB, 0x36, 0x3, 0x5B, 0x15, 0x52, 0x60, 0x5E, 0xE, 0x2E, 0x00 };
const unsigned char *key = &_key[0]; Before Deploying your app DELETE OUT ALL REFERENCE TO Step 2Copy the Copy the Copy the Remember to change It may be a good idea to add the original string as comments in Step 3When your app needs to use the unobfuscated string: - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
Obfuscator *o = [Obfuscator newWithSalt:[AppDelegate class],[NSString class], nil]; //The salt MUST match Step 1
/* INSTEAD OF THIS:
[Parse setApplicationId:@"TestApp"
clientKey:@"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO"];
*/
[Parse setApplicationId:@"TestApp"
clientKey:[o reveal:parseKey];
return YES;
} The Salt used by Step 4THIS STEP IS VERY IMPORTANT Double check that ALL of your obfuscated strings can be unobfuscated back to the original. If not, then change the salt and try again. If even one string cannot be unofuscated, then that particular string can not be used with this library. The others can. More Advanced UsageStep 1 - Generate Objective-C Code- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
[Obfuscator generateCodeWithSalt:@[[NSString class], [AppDelegate class], [NSObject class]]
WithStrings:@[
@{@"id": @"AA", @"string":@"testSecret"},
@{@"id": @"BB", @"string":@"testKey"},
@{@"id": @"CC", @"string":@"parseKey1234"},
]];
return YES;
} This will output in Console Log: Salt used (in this order): [AppDelegate class],[NSObject class],[NSString class],
Objective-C Code:
**********Globals.h**********
extern const unsigned char *AA;
extern const unsigned char *BB;
extern const unsigned char *CC;
**********Globals.m**********
//Original: "testSecret"
const unsigned char _AA[] = { 0x41, 0x51, 0x46, 0x44, 0x62, 0x52, 0x55, 0x44, 0x3, 0x4C, 0x00 };
const unsigned char *AA = &_AA[0];
//Original: "testKey"
const unsigned char _BB[] = { 0x41, 0x51, 0x46, 0x44, 0x7A, 0x52, 0x4F, 0x00 };
const unsigned char *BB = &_BB[0];
//Original: "parseKey1234"
const unsigned char _CC[] = { 0x45, 0x55, 0x47, 0x43, 0x54, 0x7C, 0x53, 0x4F, 0x57, 0xA, 0x56, 0x56, 0x00 };
const unsigned char *CC = &_CC[0]; Copy and Paste the generated code. NB: The Salt has been rearranged because the original arrangement was not able to obfuscate all 3 strings. The Algorithm will go through all permutations of DELETE OUT [Obfuscator generateCodeWithSalt:WithStrings:] for production. Step 2 - Store Salt in key-value internal database[Obfuscator storeKey:@"swift" forSalt:[AppDelegate class],[NSObject class],[NSString class], nil]; If your project is written in Objective-C, there are other undocumented ways to proceed after Step 1. However, this is the only way to proceed for a Swift based project. This way will also work in both Swift and Objective-C. NB: The Salt list applied to You can use different keys to identify different salts if you choose to obfuscate multiple strings using different salts. Step 3 - Dynamically decode obfuscated string when you need to use it.- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
/* INSTEAD OF THIS:
[Parse setApplicationId:@"TestApp"
clientKey:@"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO"];
*/
[Parse setApplicationId:@"TestApp"
clientKey:[Obfuscator reveal:CC UsingStoredSalt:@"swift"];
return YES;
} For swift: Obfuscator.reveal(CC, usingStoredSalt: "swift") Other Useful PackagesCheck out Check out Credits:Final NotesIf you found this package useful, please Star it on github. Feel free to fork or provide pull requests. Any bug reports will be warmly received. PJ Engineering and Business Solutions Pty. Ltd. |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论